-0.67(-3.70%)

0.0000(-0.0000%)

National Survey Commissioned by Egress Finds That Employees Frequently Expose Data via Email; Companies Fail to Encrypt Data Before Sharing, Putting them At Risk of Non-Compliance with Data Privacy Regulations

According to a national survey commissioned by Egress, 83 percent of security professionals believe that employees have accidentally exposed customer or business sensitive data at their organization. The survey found that accidental data breaches are often compounded by an organizational failure to encrypt data prior to it being shared – both internally and externally – putting their organizations at risk of non-compliance with major data privacy regulations, such as NYDFS Cybersecurity Regulation 23 NYCRR 500, GDPR, HIPAA and the emerging California Privacy Act (AB375).

Accidental Breach: Employees Expose Sensitive Data via Email and File SharingAn overwhelming number of security professionals believe that employees have put customer PII and business sensitive information at risk (83 percent). This is largely driven by the explosive growth in unstructured data (emails, documents, files, etc.), combined with the growing number of ways employees can communicate internally and externally.

Respondents named the five most common technologies that have led to accidental data breaches by employees:

External email services (Gmail, Yahoo!, etc.) (51 percent)

Corporate email (46 percent)

File sharing services (FTP sites, etc.) (40 percent)

Collaboration Tools (Slack, Dropbox, etc.) (38 percent)

SMS / Messaging Apps (G-Chat, WhatsApp, etc.) (35 percent)

According to Egress, some of the most common email accidents that lead to data breaches include:

Warning:Encrypt Before SharingThe survey found that a large majority of organizations fail to encrypt data before its shared – both internally and externally. This compounds the accidental breach problem, ensuring that any mistake by an employee will result in data definitely being exposed. As a result, organizations are at risk of non-compliance with major data privacy regulations, such as GDPR, the NYDFS Cybersecurity Regulation (23 NYCRR 500), and the recently-passed California Consumer Privacy Act. According to the survey:

Despite the failure to encrypt, data privacy regulations are driving changes in organizational approaches to security. When asked how new data regulations changed how information was shared, respondents stated they:

Implemented new security policies (59 percent)

Invested in new security technologies (54 percent)

Invested in regular employee training (52 percent)

Restricted the use of external data sharing tools (44 percent)

Security in 2019:Ransomware Still Represents the Biggest RiskFollowing the devastating and high-profile damage caused by ransomware attacks such as WannaCry and NotPetya, security professionals believe that malware and ransomware remain the biggest risk to their organization.

When asked what the biggest overall risks to IT was in the coming year, respondents indicated the following:

“The explosive growth of unstructured data in email, messaging apps and collaboration platforms has made it easier than ever for employees to share data beyond traditional security protections – combine this with the growing cultural need to share everything immediately, and organizations are facing the perfect storm for an accidental breach,” said Egress Chief Revenue Officer and NA General Manager Mark Bower. “What really stands out in the survey though, is that despite onerous regulations being enacted, companies are still failing to encrypt data before enabling employees to share it. Encryption is a well-known best practice that can prevent accidents from leading to a major incident resulting in hefty compliance penalties.”

About the Egress Data Privacy SurveyThe Egress data privacy survey was conducted by Opinion Matters research group among 1,000 U.S.-based senior and mid-level security professionals at organizations of 500 employees or more.